#!/bin/bash
##################################################################################################
##  Purpose:HGDB INIT 
##  Author :syd
##  Created:2024-07-17
##  Version:2
##################################################################################################
# 1.日志输出格式
log(){
	LOGFILE=fb_hy_$(date +"%Y%m%d").log
	LOGTYPE=$1
	NOW_TIME='['$(date +"%Y-%m-%d %H:%M:%S")']'
	case $LOGTYPE in
	ERROR)
	    echo -e "\033[31m$NOW_TIME [$1]$2\033[0m" 2>&1 | tee -a $LOGFILE;;
	INFO)
	    echo -e "\033[34m$NOW_TIME [$1]$2\033[0m" 2>&1 | tee -a $LOGFILE;;
	INPUT)
	    echo -e "\033[33m$NOW_TIME [$1]$2\033[0m" 2>&1 | tee -a $LOGFILE;;
	CMD)
		echo -e -n "\033[37m$NOW_TIME $2\n\033[0m" 2>&1 | tee -a $LOGFILE
		echo -e -n "\033[37m `$2`\n\033[0m" 2>&1 | tee -a $LOGFILE;;
	esac
}

# 2.审计参数设置
audit_set(){
	read -p "审计归档日志目录【默认:/data/highgo/audit_archive】: " ARCHIVE_DIR
	log INFO "你选择的数据库备份目录为：${ARCHIVE_DIR:=/data/highgo/audit_archive}"
    PASSWORD="Hello@321"
	
	if [ -d $ARCHIVE_DIR ]
	then
			:
	else
		mkdir -p $ARCHIVE_DIR
	fi	
	
	echo "select set_audit_param('hg_audit','off');
select set_audit_param('hg_audit_analyze','off');
select set_audit_param('hg_audit_logsize','60MB');
select set_audit_param('hg_audit_keep_days','90');
select set_audit_param('hg_audit_full_mode','1');
select set_audit_param('hg_audit_file_archive_mode','off');
select set_audit_param('hg_audit_file_archive_dest','/data/highgo/audit_archive');" > /tmp/.audit_param.sql
	log INFO "开始配置数据库审计参数……"
	psql -U syssao -d highgo -f /tmp/.audit_param.sql
	if [ $? -ne 0 ]; then
		rm -rf /tmp/.audit_param.sql
		exit
	fi
	rm -rf /tmp/.audit_param.sql
	log INFO "数据库审计参数配置完成！"
}

# 3.安全参数设置
secure_set(){
	echo "select set_secure_param('hg_sepofpowers','on');
select set_secure_param('hg_rowsecure','off');
select set_secure_param('hg_macontrol','min');
select set_secure_param('hg_showlogininfo','off');
select set_secure_param('hg_clientnoinput','0');
select set_secure_param('hg_idcheck.enable','on');
select set_secure_param('hg_idcheck.pwdlock','10');
select set_secure_param('hg_idcheck.pwdlocktime','8');
select set_secure_param('hg_idcheck.pwdpolicy','high');" > /tmp/.secure_param.sql
	log INFO "开始配置数据库安全参数……"
	psql -U syssso -d highgo -f /tmp/.secure_param.sql
	if [ $? -ne 0 ]; then
		rm -rf /tmp/.secure_param.sql
		exit
	fi
	rm -rf /tmp/.secure_param.sql
	psql highgo sysdba -c "checkpoint;"
	pg_ctl restart
	log INFO "数据库安全参数配置完成！"
	psql highgo syssao -c "select show_audit_param();"
	psql highgo syssso -c "select show_secure_param();"
}

# 4.密码设置
passwd_set(){
	while [[ ! $p =~ [y,Y,n,N] ]]
	do
	read -p "是否更改数据库用户密码有效期为无限期【默认:y】: " p
	log INFO "是否更改数据库用户密码有效期为无限期【默认:y】，你选择${p:=y}"
	case "$p" in
		Y|y)
			log INFO "开始更改数据库密码有效期……"
			psql highgo syssso -c "select set_secure_param('hg_idcheck.pwdvaliduntil','0');"
			TT=$(psql -c "select rolname from pg_catalog.pg_roles where rolname not like 'pg%' and rolname not in ('sysdba','syssso','syssao')" -t -A)
			for UU in $TT
			do
			psql -U syssso -c "alter user $UU valid until 'infinity'"
			done
			log INFO "数据库密码有效期已设置为无限期，重置数据库密码后生效。"
			;;
		N|n)
			read -p "请设置数据库密码有效期【默认：7天】：" yx
			log INFO "你设置的数据库密码有效期为 ${yx:=7} 天。"
			psql highgo syssso -c "select set_secure_param('hg_idcheck.pwdvaliduntil','$yx');"
			T=$(psql -c "select current_date+$yx" -t -A)
			TT=$(psql -c "select rolname from pg_catalog.pg_roles where rolname not like 'pg%' and rolname not in ('sysdba','syssso','syssao')" -t -A)
			for UU in $TT
			do
			psql -U syssso -c "alter user $UU valid until '$T'"
			done
			;;
		*)
			log ERROR "只可输入n或y，请重新输入！"
	esac
	done
	
	read -p "请设置 sysdba 用户新密码【默认：3@o0II5j】：" DBAPASS
	log INFO "你设置的 sysdba 用户新密码为：${DBAPASS:=3@o0II5j}"
	psql highgo sysdba -c "alter user sysdba password '$DBAPASS';"
	read -p "请设置 syssao 用户新密码【默认：jRl6z47@】：" SAOPASS
	log INFO "你设置的 syssao 用户新密码为：${SAOPASS:=jRl6z47@}"
	psql highgo syssao -c "alter user syssao password '$SAOPASS';"
	read -p "请设置 syssso 用户新密码【默认：Qv2I08u!】：" SSOPASS
	log INFO "你设置的 syssso 用户新密码为：${SSOPASS:=Qv2I08u!}"
	psql highgo syssso -c "alter user syssso password '$SSOPASS';"
	read -p "数据库端口【默认:5866】: " PORT
	log INFO "你选择的数据库端口为：${PORT:=5866}"
cat > /root/.pgpass <<EOF
#hostname:port:database:username:password
localhost:$PORT:highgo:sysdba:$DBAPASS
localhost:$PORT:highgo:syssao:$SAOPASS
localhost:$PORT:highgo:syssso:$SSOPASS
EOF
}

# 5.删除清归档任务及脚本
drop_job(){
	sed -i '/del_audit_archive/d' /var/spool/cron/root
	rm -rf /opt/del_audit_archive.sh
}

# 6.主函数
main(){
	log
	audit_set
    secure_set
	passwd_set
	drop_job
} 

# 7.执行
main
